[iexplore.exe] I have 2 iexplore.exe

Solved/Closed
JamaisContent (Posts: 5, Registered: Monday 19 March 2007, Status: Member, Last activity: 19 March 2007) - 19 March 2007 at 20:03
titil (Posts: 1, Registered: Wednesday 23 April 2008, Status: Member, Last activity: 23 April 2008) - 23 April 2008 at 10:33
Hello, I have 2 iexplore.exe in my processes, is that normal? Since I use Firefox I have some doubts. Ad-Aware and Spybot found nothing. Could you please check? Here is my HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 19:22:39, on 19/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Olivier\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BYTE GRIM] C:\DOCUME~1\Olivier\APPLIC~1\WAITFU~1\CASHNEW.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

10 replies

Hi JamaisContent

Your PC is infected by the Lop adware; download this
Double-click on Lopxpv3.exe.
A new folder, Lopxpv3, will appear on your desktop.
Inside it, run the file Lopxp.bat.
When it has finished its job, copy and paste the contents of the lop.txt file here, following your message.

See you
JamaisContent (Posts: 5, Registered: Monday 19 March 2007, Status: Member, Last activity: 19 March 2007)
19 March 2007 at 20:52
Hi zBr, thanks for your help, here is the report

------------------------------------------------
Rapport Lopxp fait le lun. 19/03/2007 à 20:48:00,89
------------------------------------------------

Exécuté dans C:\Documents and Settings\Olivier\Bureau\Lopxpv3


/!\ Attention /!\

Les résultats de ce rapport sont sujets à interprétations,
Et ne démontrent pas systématiquement des dossiers infectés...



_________________________________________________________________

## Processus


/!\ Utilisation suspecte par un processus, d'Internet Explorer :

iexplore.exe pid: 3220 54C: C:\DOCUME~1\ALLUSE~1\APPLIC~1\OWNSTI~1\LISTTY~1.EXE


/!\ Utilisation suspecte par un processus, d'Internet Explorer:

iexplore.exe pid: 3512 4EC: C:\Documents and Settings\All Users\Application Data\OWNSTITLEBAITSIZE\live open ball


_________________________________________________________________

## Recherche prédéterminé dans C:\Program Files




[X] C:\Program Files\BitGrabber Présent ! Installé le: 18/03/2007

Recherche des dossiers crées le 18/03/2007 :


C:\Program Files\waitfunkbind
C:\Documents and Settings\All Users\Application Data\OWNSTITLEBAITSIZE



_________________________________________________________________

## Tâches planifiées cachées

(Panneau de configuration > Tâches planifiées > Menu "Avancé" > Afficher les tâches masquées)

Suspect : C:\WINDOWS\Tasks\B52842AE9A0BF42A.job



_________________________________________________________________

## Détection des paramètres de désinstallation du sponsor P2P:
(BitDownload,BitGrabber,BitRoll,NetPumper,TorrentQ,Torrent101...)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\birdbashbits]

DisplayName REG_SZ CiD Help
UninstallString REG_SZ C:\DOCUME~1\Olivier\APPLIC~1\WAITFU~1\CASHNEW.exe -uninstall

- Label de désinstallation listé "CiD Help" dans Ajout/Supression de Programmes.




_________________________________________________________________

## Listing des dossiers des répertoires Application Data


C:\Documents and Settings\All Users\Application Data

05/02/2007 17:18 <REP> Adobe
30/01/2007 21:07 <REP> BOONTY
30/12/2006 15:32 <REP> CyberLink
30/12/2006 13:31 <REP> DVD Shrink
29/12/2006 23:10 <REP> Google
29/12/2006 23:10 <REP> Google Updater
04/03/2007 14:54 <REP> InstallShield
10/02/2007 11:50 <REP> Microsoft
13/01/2007 14:27 <REP> Microsoft Help
29/12/2006 18:09 <REP> NVIDIA
29/12/2006 18:14 <REP> nView_Profiles
18/03/2007 19:11 <REP> OWNSTITLEBAITSIZE
19/03/2007 19:30 <REP> Spybot - Search & Destroy
31/12/2006 16:43 <REP> Windows Genuine Advantage



C:\Documents and Settings\Olivier\Application Data

05/02/2007 17:10 <REP> Adobe
05/02/2007 17:17 <REP> AdobeUM
04/03/2007 16:16 <REP> Canon
03/03/2007 16:02 <REP> Command & Conquer 3 Tiberium Wars Demo
30/12/2006 15:32 <REP> CyberLink
19/03/2007 20:46 <REP> DMCache
19/02/2007 18:41 <REP> Google
29/12/2006 16:53 <REP> Identities
30/12/2006 16:47 <REP> IDM
02/03/2007 17:44 <REP> IGN_DLM
29/12/2006 23:19 <REP> Lavasoft
30/12/2006 12:22 <REP> Logitech
02/03/2007 16:10 <REP> Macromedia
22/02/2007 19:49 <REP> Microsoft
07/01/2007 19:16 <REP> Mozilla
25/02/2007 19:41 <REP> Sun
30/12/2006 16:03 <REP> Talkback
30/12/2006 16:03 <REP> Thunderbird
14/01/2007 14:51 <REP> Torrent101
10/02/2007 11:50 <REP> Uniblue
18/03/2007 18:59 <REP> uTorrent
09/03/2007 22:56 <REP> Vso
18/03/2007 19:11 <REP> waitfunkbind


C:\Documents and Settings\Olivier\Local Settings\Application Data

29/12/2006 23:21 <REP> Adobe
06/03/2007 19:26 <REP> ApplicationHistory
03/03/2007 15:59 <REP> Downloaded Installations
06/03/2007 19:39 <REP> GameSpy
17/03/2007 19:59 <REP> Google
30/12/2006 12:32 <REP> Identities
08/03/2007 17:55 <REP> Microsoft
13/01/2007 12:38 <REP> Microsoft Help
07/01/2007 19:16 <REP> Mozilla
12/01/2007 18:43 <REP> Oblivion
13/01/2007 14:19 <REP> PCHealth
30/12/2006 16:03 <REP> Thunderbird


____________________________________________

## Listing des dossiers dans C:\Program Files

29/12/2006 23:11 <REP> Adobe
30/12/2006 15:29 <REP> Ahead
20/02/2007 23:04 <REP> Alcatel
30/12/2006 00:09 <REP> Alcohol Soft
29/12/2006 17:31 <REP> Alwil Software
30/12/2006 12:41 <REP> ArcSoft
30/12/2006 13:21 <REP> Ashampoo
18/03/2007 19:34 <REP> BitGrabber
30/01/2007 21:07 <REP> BoontyGames
30/12/2006 12:42 <REP> Caere
19/03/2007 19:11 <REP> CCleaner
19/03/2007 19:03 <REP> CleanUp!
29/12/2006 16:46 <REP> ComPlus Applications
30/12/2006 13:28 <REP> coverXP
05/03/2007 19:28 <REP> Cyanide
30/12/2006 15:31 <REP> CyberLink
04/01/2007 16:35 <REP> DIFX
30/12/2006 13:31 <REP> DVD Shrink
03/03/2007 20:23 <REP> Electronic Arts
25/02/2007 00:04 <REP> ESET
25/02/2007 19:39 <REP> Fichiers communs
06/01/2007 01:20 <REP> FlashGet
17/03/2007 19:59 <REP> Google
29/12/2006 23:54 <REP> Grisoft
30/12/2006 12:35 <REP> Hewlett-Packard
30/12/2006 12:34 <REP> hp deskjet 5550 series
08/02/2007 19:09 <REP> IGN
10/02/2007 18:51 <REP> Internet Download Manager
24/02/2007 23:58 <REP> Internet Explorer
13/01/2007 19:10 <REP> IZArc
25/02/2007 19:40 <REP> Java
29/12/2006 23:10 <REP> Lavasoft
30/12/2006 12:21 <REP> Logitech
31/12/2006 16:52 <REP> Messenger
29/12/2006 16:49 <REP> microsoft frontpage
13/01/2007 14:35 <REP> Microsoft Office
13/01/2007 14:35 <REP> Microsoft Visual Studio
29/12/2006 17:01 <REP> Movie Maker
18/03/2007 19:08 <REP> Mozilla Firefox
02/03/2007 15:21 <REP> Mozilla Thunderbird
08/02/2007 18:43 <REP> MSBuild
29/12/2006 16:46 <REP> MSN
29/12/2006 16:46 <REP> MSN Gaming Zone
09/02/2007 14:52 <REP> MSN Messenger
13/01/2007 12:05 <REP> MSXML 4.0
09/02/2007 15:12 <REP> Multi_Media
29/12/2006 17:00 <REP> NetMeeting
13/01/2007 15:41 <REP> NVIDIA Corporation
13/01/2007 15:19 <REP> OO Software
31/12/2006 17:03 <REP> Outlook Express
08/02/2007 18:41 <REP> Reference Assemblies
29/12/2006 16:46 <REP> Services en ligne
10/02/2007 11:51 <REP> Spybot - Search & Destroy
30/12/2006 13:15 <REP> ToniArts
25/02/2007 19:37 <REP> uTorrent
30/12/2006 15:36 <REP> vso
18/03/2007 19:10 <REP> waitfunkbind
29/12/2006 18:34 <REP> Western Digital Technologies
31/12/2006 19:45 <REP> Windows Media Connect 2
31/12/2006 19:44 <REP> Windows Media Player
29/12/2006 17:00 <REP> Windows NT
08/02/2007 19:00 <REP> WinRAR
29/12/2006 16:49 <REP> xerox



_________________________________________________________________

## Recherche dans le registre


# Clés de démarrage :


* HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BYTE GRIM REG_SZ C:\DOCUME~1\Olivier\APPLIC~1\WAITFU~1\CASHNEW.exe
_________________________________________________________________

## Modification du fichier Hosts

127.0.0.1= Url bloquée Autre= Redirection



_________________________________________________________________

# Popups autorisées

* Internet Explorer

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
*.ogame259.de REG_BINARY
netsearchsoft.com REG_SZ
www.netsearchsoft.com REG_SZ
netbios-wait.com REG_SZ
www.netbios-wait.com REG_SZ

* Mozilla Firefox (1 autorisé 2 interdit)

host popup 1 www.developpez.net
host popup 1 www.ledivx.com
host popup 1 www.emule-mania.com
host popup 1 diablo2.judgehype.com
host popup 1 www.jeuxanimes.com
host popup 1 www.abannonces.com
host popup 1 www.grandtheftauto.fr

* Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)


_________________________________________________________________

## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)



_________________________ Fin du rapport ________________________
Hi

These two programs are responsible for the ads you are getting at the moment: BitGrabber, Torrent101
By installing them you also chose to install a rather cumbersome sponsor lol.

In Add/Remove Programs, uninstall CiD help.
Then do:
Start >> Run and type %temp%
In the window that opens, delete the files with the *.exe extension, if there are any.

Restart your PC and run Loxpv3.bat again, and this time choose option 2 "Mode avancé" (Advanced mode) and then type 1
Post the report that appears in Notepad.

See you
JamaisContent (Posts: 5, Registered: Monday 19 March 2007, Status: Member, Last activity: 19 March 2007)
19 March 2007 at 21:26
Here's the report again, it's great, it worked, thanks a lot

LopP2P : lun. 19/03/2007 21:24:13,51

FixP2P Mode


________________________________
## Arrêt des processus

Effectué.
________________________________
## Nettoyage du registre:

Nettoyage effectué


________________________________
## Suppression des dossiers:

C:\Program Files\BitGrabber Supprimé
C:\Documents and Settings\Olivier\Application Data\Torrent101 Supprimé
C:\My downloads Supprimé

Thanks again, see you

Good... Did the uninstallation of CiDhelp go well?

Now post a new HijackThis report and one last lopxpv3 report, option 1 "Rechercher/Générer un rapport" (Search/Generate a report).

Could you tell me which site you downloaded uTorrent from?
The official site or somewhere else?

See you
JamaisContent (Posts: 5, Registered: Monday 19 March 2007, Status: Member, Last activity: 19 March 2007)
19 March 2007 at 21:51
I downloaded it from the official site. I downloaded a program with µTorrent, unpacked it,
and ran the install file, which was in fact BitGrabber; my antivirus detected a trojan, which it removed, then I had some slowdowns

Here are the reports

Logfile of HijackThis v1.99.1
Scan saved at 21:38:57, on 19/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Olivier\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Lop report

------------------------------------------------
Rapport Lopxp fait le lun. 19/03/2007 à 21:49:43,23
------------------------------------------------

Exécuté dans C:\Documents and Settings\Olivier\Bureau\Lopxpv3


/!\ Attention /!\

Les résultats de ce rapport sont sujets à interprétations,
Et ne démontrent pas systématiquement des dossiers infectés...



_________________________________________________________________

## Processus



_________________________________________________________________

## Recherche prédéterminé dans C:\Program Files




_________________________________________________________________

## Tâches planifiées cachées

(Panneau de configuration > Tâches planifiées > Menu "Avancé" > Afficher les tâches masquées)



_________________________________________________________________

## Détection des paramètres de désinstallation du sponsor P2P:
(BitDownload,BitGrabber,BitRoll,NetPumper,TorrentQ,Torrent101...)





_________________________________________________________________

## Listing des dossiers des répertoires Application Data


C:\Documents and Settings\All Users\Application Data

05/02/2007 17:18 <REP> Adobe
30/01/2007 21:07 <REP> BOONTY
30/12/2006 15:32 <REP> CyberLink
30/12/2006 13:31 <REP> DVD Shrink
29/12/2006 23:10 <REP> Google
29/12/2006 23:10 <REP> Google Updater
04/03/2007 14:54 <REP> InstallShield
10/02/2007 11:50 <REP> Microsoft
13/01/2007 14:27 <REP> Microsoft Help
29/12/2006 18:09 <REP> NVIDIA
29/12/2006 18:14 <REP> nView_Profiles
19/03/2007 19:30 <REP> Spybot - Search & Destroy
31/12/2006 16:43 <REP> Windows Genuine Advantage



C:\Documents and Settings\Olivier\Application Data

05/02/2007 17:10 <REP> Adobe
05/02/2007 17:17 <REP> AdobeUM
04/03/2007 16:16 <REP> Canon
03/03/2007 16:02 <REP> Command & Conquer 3 Tiberium Wars Demo
30/12/2006 15:32 <REP> CyberLink
19/03/2007 20:46 <REP> DMCache
19/02/2007 18:41 <REP> Google
29/12/2006 16:53 <REP> Identities
30/12/2006 16:47 <REP> IDM
02/03/2007 17:44 <REP> IGN_DLM
29/12/2006 23:19 <REP> Lavasoft
30/12/2006 12:22 <REP> Logitech
02/03/2007 16:10 <REP> Macromedia
22/02/2007 19:49 <REP> Microsoft
07/01/2007 19:16 <REP> Mozilla
25/02/2007 19:41 <REP> Sun
30/12/2006 16:03 <REP> Talkback
30/12/2006 16:03 <REP> Thunderbird
10/02/2007 11:50 <REP> Uniblue
18/03/2007 18:59 <REP> uTorrent
09/03/2007 22:56 <REP> Vso


C:\Documents and Settings\Olivier\Local Settings\Application Data

29/12/2006 23:21 <REP> Adobe
06/03/2007 19:26 <REP> ApplicationHistory
03/03/2007 15:59 <REP> Downloaded Installations
06/03/2007 19:39 <REP> GameSpy
17/03/2007 19:59 <REP> Google
30/12/2006 12:32 <REP> Identities
08/03/2007 17:55 <REP> Microsoft
13/01/2007 12:38 <REP> Microsoft Help
07/01/2007 19:16 <REP> Mozilla
12/01/2007 18:43 <REP> Oblivion
13/01/2007 14:19 <REP> PCHealth
30/12/2006 16:03 <REP> Thunderbird


____________________________________________

## Listing des dossiers dans C:\Program Files

29/12/2006 23:11 <REP> Adobe
30/12/2006 15:29 <REP> Ahead
20/02/2007 23:04 <REP> Alcatel
30/12/2006 00:09 <REP> Alcohol Soft
29/12/2006 17:31 <REP> Alwil Software
30/12/2006 12:41 <REP> ArcSoft
30/12/2006 13:21 <REP> Ashampoo
30/01/2007 21:07 <REP> BoontyGames
30/12/2006 12:42 <REP> Caere
19/03/2007 19:11 <REP> CCleaner
19/03/2007 19:03 <REP> CleanUp!
29/12/2006 16:46 <REP> ComPlus Applications
30/12/2006 13:28 <REP> coverXP
05/03/2007 19:28 <REP> Cyanide
30/12/2006 15:31 <REP> CyberLink
04/01/2007 16:35 <REP> DIFX
30/12/2006 13:31 <REP> DVD Shrink
03/03/2007 20:23 <REP> Electronic Arts
25/02/2007 00:04 <REP> ESET
25/02/2007 19:39 <REP> Fichiers communs
06/01/2007 01:20 <REP> FlashGet
17/03/2007 19:59 <REP> Google
29/12/2006 23:54 <REP> Grisoft
30/12/2006 12:35 <REP> Hewlett-Packard
30/12/2006 12:34 <REP> hp deskjet 5550 series
08/02/2007 19:09 <REP> IGN
10/02/2007 18:51 <REP> Internet Download Manager
24/02/2007 23:58 <REP> Internet Explorer
13/01/2007 19:10 <REP> IZArc
25/02/2007 19:40 <REP> Java
29/12/2006 23:10 <REP> Lavasoft
30/12/2006 12:21 <REP> Logitech
31/12/2006 16:52 <REP> Messenger
29/12/2006 16:49 <REP> microsoft frontpage
13/01/2007 14:35 <REP> Microsoft Office
13/01/2007 14:35 <REP> Microsoft Visual Studio
29/12/2006 17:01 <REP> Movie Maker
18/03/2007 19:08 <REP> Mozilla Firefox
02/03/2007 15:21 <REP> Mozilla Thunderbird
08/02/2007 18:43 <REP> MSBuild
29/12/2006 16:46 <REP> MSN
29/12/2006 16:46 <REP> MSN Gaming Zone
09/02/2007 14:52 <REP> MSN Messenger
13/01/2007 12:05 <REP> MSXML 4.0
09/02/2007 15:12 <REP> Multi_Media
29/12/2006 17:00 <REP> NetMeeting
13/01/2007 15:41 <REP> NVIDIA Corporation
13/01/2007 15:19 <REP> OO Software
31/12/2006 17:03 <REP> Outlook Express
08/02/2007 18:41 <REP> Reference Assemblies
29/12/2006 16:46 <REP> Services en ligne
10/02/2007 11:51 <REP> Spybot - Search & Destroy
30/12/2006 13:15 <REP> ToniArts
25/02/2007 19:37 <REP> uTorrent
30/12/2006 15:36 <REP> vso
29/12/2006 18:34 <REP> Western Digital Technologies
31/12/2006 19:45 <REP> Windows Media Connect 2
31/12/2006 19:44 <REP> Windows Media Player
29/12/2006 17:00 <REP> Windows NT
08/02/2007 19:00 <REP> WinRAR
29/12/2006 16:49 <REP> xerox



_________________________________________________________________

## Recherche dans le registre


# Clés de démarrage :

_________________________________________________________________

## Modification du fichier Hosts

127.0.0.1= Url bloquée Autre= Redirection



_________________________________________________________________

# Popups autorisées

* Internet Explorer

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
*.ogame259.de REG_BINARY

* Mozilla Firefox (1 autorisé 2 interdit)

host popup 1 www.developpez.net
host popup 1 www.ledivx.com
host popup 1 www.emule-mania.com
host popup 1 diablo2.judgehype.com
host popup 1 www.jeuxanimes.com
host popup 1 www.abannonces.com
host popup 1 www.grandtheftauto.fr

* Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)


_________________________________________________________________

## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)



_________________________ Fin du rapport ________________________
0
OK, as far as I can tell, the infection has been removed.
In future, avoid like the plague downloading any of these BitTorrent clients:
BitDownload, BitGrabber, BitRoll, TorrentQ, Torrent101,
or NetPumper as a download accelerator.
They all install spyware or a "sponsor" that throws up ads every 30 seconds with IE and collects personal information about your browsing habits...
I see you have CCleaner; you should use it to do a bit of cleaning up.
Finally, one last check: go here (with Internet Explorer):
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
And have the online AV scan your whole PC, just to be sure everything really is OK.
Post the report if it detects anything.

See you
0
JamaisContent Posts 5 Registration date Monday 19 March 2007 Status Member Last activity 19 March 2007
19 March 2007 at 22:35
OK, Kaspersky didn't detect anything. I had just installed CCleaner after reading discussions on the forum about iexplore.exe.


Well, there you go, many thanks for your help. Have a good evening/night; I'm off to bed relieved, lol.

See you
0
You're welcome :-)

Enjoy the rest of your evening.
0
titil Posts 1 Registration date Wednesday 23 April 2008 Status Member Last activity 23 April 2008
23 April 2008 at 10:33
Hello, I have the same problem, and after Norton, Multi Virus Cleaner 2008, AntiVir and Ad-Aware 2007, nothing works: the 2 IEXPLORER processes are still there and take up a lot of space (80,000 KB and the second 10,000 KB), RAM 512.
Can someone help me? My computer is dreadfully slow. Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:07, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\sistray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ségolène\Local Settings\Temporary Internet Files\Content.IE5\T1G4FSAJ\HiJackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Flag Build.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\SÉGOLÈNE\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://segolobregain.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
0